UAC security Flaw detected, Microsoft called it by design

  • UAC security Flaw detected, Microsoft called it by design

    Well, the first Security flaw has been detected by Long Zhen, at least as far as I know.
    However, Microsoft called it by design.

    Anyhow, extra, extra, read all about it (heard it somewhere in a movie a long time ago)

    Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)
    Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design”

    Personally I hope Microsoft will fix it in the next beta, but we'll see.
    Last edited by Dumber; 2nd February 2009, 13:15.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


  • #2
    Re: UAC security Flaw detected, Microsoft called it by design

    With what little I've seen of the issue, I am not sure whether it is a genuine vulnerability at this stage or is a compromise from MS to make it more user friendly (Without the UAC warnings)?
    I guess the real answer might come if an exploit is released any time soon.
    I think MS are taking a big gamble though, if they are not admitting anything at this stage!!

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: UAC security Flaw detected, Microsoft called it by design

      Well I think Microsoft should say:
      The current version is in the beta stage.
      We will check this out for the next version or so.
      Marcel



      • #4
        Re: UAC security Flaw detected, Microsoft called it by design

        Hi,

        Updates from MS.

        Microsoft changes Windows 7 UAC after new exploit code surfaces

        You'll see this fix in the RC build which is expected in April.

        Microsoft do listen to us

        HTH,
        Tarek
        Tarek Majdalani
        MS Forefront Edge Security MVP



        • #5
          Re: UAC security Flaw detected, Microsoft called it by design

          LOL it would be very cool if they have read this topic and thought: Hey that's a nice idea
          Marcel



          • #6
            Re: UAC security Flaw detected, Microsoft called it by design

            And yes, the exploit was released as anticipated. (Nice link Tarek)
            Well, so I don't overshadow my expectations for Windows 7, let's say it was a bad decision from MS to change the default settings of UAC in an attempt to keep end users less annoyed.

            What I can see though, which is different from past times, is that MS looks to be a bit less arrogant (Eventually) and listen to the IT community for a change.
            Releasing Windows 7 in beta was definitely a wise move.
            Let's hope this is an isolated "bad decision" from MS and they fix it.

            Cheers



            • #7
              Re: UAC security Flaw detected, Microsoft called it by design

              I don't think it's bad that there are still security flaws in it.
              However, first saying that it was by design sounds to me a bit arrogant and/or ignorant.

              Personally I would say that Microsoft should be happy that such flaws are detected and reported.
              People make mistakes, and if a programmer creates a bug, who cares? As long as it gets fixed.
              Fixing this before RTM'ing the product would be only a good thing for the reputation of the upcoming Windows 7.
              Marcel
